Develop OSLog Framework Integration

[TomasTurina]

Description

After completing the research on how to integrate the OSLog Framework into the new Wazuh Agent coded in C++, along with validating the configuration options, it is requested to develop this integration as a new Reader of the logcollector module.

Tasks

1. Extend Logcollector's Setup Function
   • Parse and validate the macOS-specific configuration options.
2. Integrate OSLog API
   • Develop a wrapper to interact with the OSLog framework from C++.
   • Ensure synchronous retrieval and filtering of logs based on queries, levels, and types.
   • Develop this library as a standalone library that will be used by logcollector.
3. Implement macOS Reader
   • Develop the Reader to process and transmit logs in the standard format.
   • Handle log rotation detection.
   • Store the necessary information that will allow collection to resume in case the agent is restarted.
4. Testing
   • Write unit tests and integration tests to validate the Reader's behavior with different queries, log levels, and types.
   • Test the Reader's behavior with multiple configuration entries.
5. Documentation
   • Prepare detailed documentation for the macOS Reader, including configuration examples, usage instructions, and limitations.

[jr0me]

Update

Started writing a class in C++ to wrap around OSLogStore in a dedicated CMake target, to be used by the future ULS reader in Logcollector.

[jr0me]

Update

Moving forward with the class:

This is a C++ wrapper around OSLogStore, handling Objective-C objects with memory management and providing an iterator-like interface for log entries. Including:
• A Pimpl idiom to hide Objective-C headers from the public C++ API.
• Iterator support, each with its own OSLogEnumerator retained/released correctly.

The wrapper is functional, iterates logs in C++ style, and respects Objective-C memory lifetimes. Next steps should be using this class from a log collector reader.

Wip commit for reference: aa0e41c